package org.jfrog.security.crypto;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.SecretKey;
import org.jfrog.security.crypto.encrypter.BytesEncrypterBase;
import org.jfrog.security.crypto.encrypter.DummyBytesEncrypter;
import org.jfrog.security.crypto.exception.CryptoRuntimeException;
import org.jfrog.security.crypto.result.DecryptionBytesResult;
import org.jfrog.security.crypto.result.DecryptionStatus;
import org.jfrog.security.crypto.result.DecryptionStringResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jfrog/security/crypto/EncryptionWrapperBase.class */
public class EncryptionWrapperBase implements EncryptionWrapper, SecretProvider {
    private final List<BytesEncrypterBase> decrypters;
    final BytesEncrypterBase topEncrypter;
    private static final Logger log = LoggerFactory.getLogger(EncryptionWrapperBase.class);

    @Nonnull
    private final EncodingType encodingType;
    private final FormatUsed formatUsed;

    public EncryptionWrapperBase(@Nonnull EncodingType encodingType, BytesEncrypterBase bytesEncrypterBase, List<BytesEncrypterBase> list, FormatUsed formatUsed) {
        if (encodingType == EncodingType.NO_ENCODING && !(bytesEncrypterBase instanceof DummyBytesEncrypter)) {
            throw new IllegalArgumentException("Symmetric encryption cannot use a no encoder for byte to string");
        }
        this.topEncrypter = bytesEncrypterBase;
        this.formatUsed = formatUsed;
        this.decrypters = list == null ? new ArrayList() : list;
        this.encodingType = encodingType;
    }

    @Override // org.jfrog.security.crypto.EncryptionWrapper
    public CipherAlg getCipherAlg() {
        return this.topEncrypter.getCipherAlg();
    }

    @Override // org.jfrog.security.crypto.EncryptionWrapper
    @Nonnull
    public EncodingType getEncodingType() {
        return this.encodingType;
    }

    @Override // org.jfrog.security.crypto.EncryptionWrapper
    public boolean isEncodedByMe(String str) {
        return str != null && getEncodingType().isEncodedByMe(str);
    }

    @Override // org.jfrog.security.crypto.EncryptionWrapper
    @Nonnull
    public DecryptionStringResult decryptIfNeeded(String str) {
        if (str == null) {
            return new DecryptionStringResult(null);
        }
        JFrogEnvelop parse = JFrogEnvelop.parse(str);
        return (parse == null || (parse.encodingType.isEncryptedFormat() && parse.isGoodChecksum())) ? !isEncodedByMe(str) ? new DecryptionStringResult(str) : decrypt(str) : new DecryptionStringResult(str);
    }

    private DecryptionStringResult decrypt(String str) {
        JFrogEnvelop parse = JFrogEnvelop.parse(str);
        if (parse == null) {
            throw new RuntimeException("Can't parse encrypted");
        }
        DecryptionBytesResult decrypt = decrypt(parse);
        return new DecryptionStringResult(EncodingType.bytesToString(decrypt.getDecryptedData()), decrypt.getStatus());
    }

    public DecryptionBytesResult decrypt(@Nonnull byte[] bArr) {
        return decrypt(null, null, bArr);
    }

    private DecryptionBytesResult decrypt(JFrogEnvelop jFrogEnvelop) {
        return decrypt(jFrogEnvelop.getKeyId(), jFrogEnvelop.getAlg(), jFrogEnvelop.extractBytes());
    }

    private DecryptionBytesResult decrypt(String str, CipherAlg cipherAlg, byte[] bArr) {
        Exception exc = null;
        if (isUnspecifiedOrMatchedWithTop(str, cipherAlg)) {
            try {
                return new DecryptionBytesResult(this.topEncrypter.decrypt(bArr), DecryptionStatus.SUCCESS);
            } catch (Exception e) {
                exc = e;
            }
        }
        return decryptFallback(str, cipherAlg, bArr, exc);
    }

    private DecryptionBytesResult decryptFallback(@Nullable String str, @Nullable CipherAlg cipherAlg, @Nonnull byte[] bArr, @Nullable Exception exc) {
        Stream<BytesEncrypterBase> stream = this.decrypters.stream();
        if (cipherAlg != null) {
            stream = stream.filter(bytesEncrypterBase -> {
                return bytesEncrypterBase.getCipherAlg() == cipherAlg;
            });
        }
        if (str != null) {
            stream = stream.filter(bytesEncrypterBase2 -> {
                return bytesEncrypterBase2.keyMatch(str);
            });
        }
        for (BytesEncrypterBase bytesEncrypterBase3 : stream) {
            try {
                return new DecryptionBytesResult(bytesEncrypterBase3.decrypt(bArr), DecryptionStatus.SUCCESS_WITH_FALLBACK);
            } catch (Exception e) {
                if (str == null) {
                    if (exc == null) {
                        exc = e;
                    }
                    log.trace("Failed decrypt (unspecified keyId) {} alg {} ", new Object[]{bytesEncrypterBase3.getKeyId(), cipherAlg, e});
                } else if (exc == null) {
                    log.error("Failed decrypt with matching keyId {} alg {} ", new Object[]{str, cipherAlg, e});
                    exc = e;
                } else {
                    log.debug("Again - Failed decrypt with matching keyId {} alg {} ", new Object[]{str, cipherAlg, e});
                }
            }
        }
        if (exc == null) {
            if (str == null) {
                String format = String.format("Unexpected decrypt without keyId and no matchig alg %s", cipherAlg);
                log.error(format);
                throw new CryptoRuntimeException(format);
            }
            log.error("no matched algorithm and key for {} {}", cipherAlg, str);
            exc = new CryptoRuntimeException(new KeyIdAlgCipherNotFound("no matched algorithm and key for" + cipherAlg + " " + str));
        }
        throw new CryptoRuntimeException(exc.getCause());
    }

    @Override // org.jfrog.security.crypto.EncryptionWrapper
    @Nullable
    public byte[] encrypt(@Nullable byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return this.topEncrypter.encrypt(bArr);
    }

    @Override // org.jfrog.security.crypto.EncryptionWrapper
    @Nonnull
    public String getFingerprint() {
        return this.topEncrypter.getFingerprint();
    }

    @Deprecated
    String encryptIfNeededNoMigrate(String str) {
        if (str == null) {
            return null;
        }
        if (isEncodedByMe(str)) {
            return str;
        }
        return getEncodingType().encodeFormat(this.topEncrypter.getKeyId(), this.topEncrypter.getCipherAlg(), this.topEncrypter.encrypt(EncodingType.stringToBytes(str)));
    }

    @Override // org.jfrog.security.crypto.EncryptionWrapper
    public String encryptIfNeeded(String str) {
        if (str == null) {
            return null;
        }
        if (!this.encodingType.isEncryptedFormat()) {
            throw new RuntimeException("Encrypting with plaintext encoding " + this.encodingType);
        }
        JFrogEnvelop parse = JFrogEnvelop.parse(str);
        if (parse != null && isTopEncrypted(parse)) {
            return str;
        }
        String decryptedData = decryptIfNeeded(str).getDecryptedData();
        if (decryptedData == null || (isEncodedByMe(str) && !decryptedData.equals(str))) {
            return str;
        }
        byte[] encrypt = this.topEncrypter.encrypt(EncodingType.stringToBytes(decryptedData));
        return this.formatUsed == FormatUsed.OldFormat ? getEncodingType().encode(encrypt) : getEncodingType().encodeFormat(this.topEncrypter.getKeyId(), this.topEncrypter.getCipherAlg(), encrypt);
    }

    private boolean isUnspecifiedOrMatchedWithTop(String str, CipherAlg cipherAlg) {
        return isKeyUnspecifiedOrMatchedTop(str) && isAlgUnspecifiedOrMatched(cipherAlg);
    }

    private boolean isKeyUnspecifiedOrMatchedTop(String str) {
        return str == null || this.topEncrypter.keyMatch(str);
    }

    private boolean isAlgUnspecifiedOrMatched(CipherAlg cipherAlg) {
        return cipherAlg == null || cipherAlg.equals(this.topEncrypter.getCipherAlg());
    }

    private boolean isTopEncrypted(JFrogEnvelop jFrogEnvelop) {
        String keyId;
        if (jFrogEnvelop.encodingType == this.encodingType && (keyId = jFrogEnvelop.getKeyId()) != null) {
            return this.topEncrypter.keyMatch(keyId);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void ensureMatchingPrivatePublicKeys() {
        ensureMatchingPrivatePublicKeys(this.topEncrypter);
    }

    private static void ensureMatchingPrivatePublicKeys(BytesEncrypterBase bytesEncrypterBase) {
        try {
            byte[] bytes = "Some text to encrypt".getBytes();
            if (Arrays.equals(bytes, bytesEncrypterBase.decrypt(bytesEncrypterBase.encrypt(bytes)))) {
            } else {
                throw new IllegalStateException("Decrypted bytes are not equal to the original bytes.");
            }
        } catch (Exception e) {
            throw new IllegalStateException("Provided private key and certificate do not match.", e);
        }
    }

    @Override // org.jfrog.security.crypto.SecretProvider
    public SecretKey getSecret() {
        return ((SecretProvider) this.topEncrypter).getSecret();
    }

    public String toString() {
        return "EncryptionWrapperBase{ encodingType=" + this.encodingType + ", topEncrypter=" + this.topEncrypter + ", formatUsed=" + this.formatUsed + ", decrypters=" + this.decrypters + "}";
    }
}
